|
[wpforms](https://wpforms.com/) uses a counter for `ENTRY_ID`s and seems to be vulnerable against CSRF :(
|
|
|
|
Once we have obtained a cookie, crawling is trivial…
|
|
|
|
|
|
## configuration && usage
|
|
|
|
```bash
|
|
cp config.sh{,~}
|
|
edit config.sh~
|
|
|
|
. config.sh~ && ./download.sh
|
|
./merge.sh
|
|
```
|